Bug? in syslog infection messages
Richard Lynch
rich at MAIL.WVNET.EDU
Tue Jun 7 13:36:39 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Julian Field wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>What virus scanner are you using? (And if it's Sophos or ClamAV then
>the module version or the command-line version?)
>
>
Sorry, I should have mentioned that I'm running F-Prot. I'm also
running ClamAV in command line mode. The output from ClamAV does
include the full path.
-- Rich
>On 6 Jun 2005, at 13:56, Richard Lynch wrote:
>
>
>
>>I upgraded to the latest stable over the weekend. The infection
>>messages in the syslog are now formatted like this...
>>
>>Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm
>>Infection: W32/Mytob.EK at mm
>>
>>Prior to the upgrade the messages are formatted like this...
>>
>>Jun 4 04:16:30 barney MailScanner[18024]: /var/spool/MailScanner/
>>incoming/18024/j548EsXL032151/tyve.scr Infection: W32/Mytob.CZ at mm
>>
>>Note that the full path is missing. Unfortunately, I'm counting on
>>the old message format in order to tie an infected message back to
>>the sending site and targeted user. I'm using the message-id to do
>>that. This is used for reports which I send to customers. Is
>>there an easy way to return to the old message format?
>>
>>Richard Lynch
>>WVNET
>>
>>
--
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
[ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ]
[ (Name: "rich.vcf") 13 lines. ]
[ Unable to print this part. ]
More information about the MailScanner
mailing list